Re: Help finding Coverity defects for generated Hexagon code

[Anton Johansson]

On 5/23/23 19:56, Brian Cain wrote:
> > -----Original Message-----
> > From: qemu-devel-bounces+bcain=quicinc.com@nongnu.org <qemu-devel-
> > bounces+bcain=quicinc.com@nongnu.org> On Behalf Of Richard Henderson
> > Sent: Tuesday, May 23, 2023 10:32 AM
> > To: anjo@rev.ng; Paolo Bonzini <pbonzini@redhat.com>; Peter Maydell
> > <peter.maydell@linaro.org>
> > Cc: qemu-devel@nongnu.org
> > Subject: Re: Help finding Coverity defects for generated Hexagon code
> >
> > WARNING: This email originated from outside of Qualcomm. Please be wary of
> > any links or attachments, and do not enable macros.
> >
> > On 5/23/23 06:29, Anton Johansson via wrote:
> > > On 5/23/23 12:29, Paolo Bonzini wrote:
> > > > On Tue, May 23, 2023 at 11:18 AM Peter Maydell
> > <peter.maydell@linaro.org> wrote:
> > > > > On Mon, 22 May 2023 at 21:24, Anton Johansson <anjo@rev.ng> wrote:
> > > > > > Hi,
> > > > > >
> > > > > > coverity recently reported some defects in code generated by idef-parser
> > > > > > (email attached). These defects are expected and we plan to emit a
> > > > > > /* coverity[event_tag] */ comment to disable the specific event triggered.
> > > > > We don't mark coverity false positives with comments in the
> > > > > source. For the free online scanner, we just mark them as
> > > > > false positives in the GUI (with an explanation of why they're
> > > > > false positives).
> > > > They aren't visible in the GUI because the whole "hexagon generated
> > > > files" component is marked as not-analyzed; which apparently means it
> > > > _is_ analyzed and visible in the emails but not in the GUI.
> > > Ah right...
> > >
> > > > The event tag for this error should be "dead_error_condition". In
> > > > theory, the hexagon generated files could be a good exception to the
> > > > rules that we don't mark false positives in the source, but finding
> > > > the right line to add the tag can be messy.
> > > If we decide to mark these in source, my plan was to simply emit
> > >
> > >       if (qemu_tmp_2 >= 64) {
> > >           /* coverity[dead_error_condition] */
> > >           tcg_gen_movi_i64(tmp_5, 0);
> > >       } else {
> > >           tcg_gen_shli_i64(tmp_5, tmp_4, qemu_tmp_2);
> > >       }
> > >
> > > for all of these safety checks around shifts/extracts where the defect could
> > > trigger. Maybe this is overreaching as we would also mark similar branches in
> > > other instructions that are alive, but if we knew they were dead at translation
> > > time we could simply not emit them to begin with.
> > It would be simpler to do better constant propagation and folding in the
> > generator than to
> > do the markup.  All of the cases for which it warns are really quite trivial.
> But the host compiler can already do this for us.  Is the markup really more 
> work than almost anything else?
To add to this:

We did look into dealing with these coverity warnings through constant
propagating a few weeks back, and yes it's not that bad.  You really
only have to deal with sign-/zeroextensions and then perform the check
at translation time instead of emitting it.

However, constant propagating only to deal with coverity warnings feels
like the wrong way to go about it.  If we want to go in this direction
we should really propagate/fold as much as possible, which requires
relaxing some assumptions on immediates (always positve and
representable in uint64_t).  Even if this is not hard to do, it
increases the complexity of the parser for something the compiler
already does for us.

For the time being, I'll submit a patch emitting a comment, and if we
decide it's worthwhile to constant fold we'll drop the comments then.

--
Anton Johansson,
rev.ng Labs Srl.